Jenkins CI Server insecure deserialization command execution

Category:

Application vulnerabilities

Sub-category:

Application exploits

Severity:

medium

Description:

Detects attempts to exploit an unsafe deserialization vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions older than 1.642.2, which allows remote arbitrary code execution. The issue affects default installations. Authentication is not required to exploit the vulnerability.